]> BookStack Code Mirror - bookstack/blob - tests/PublicActionTest.php
Merge branch 'ivir-authncontext' of https://github.com/ivir/BookStack into ivir-ivir...
[bookstack] / tests / PublicActionTest.php
1 <?php namespace Tests;
2
3 use Auth;
4 use BookStack\Auth\Permissions\PermissionService;
5 use BookStack\Auth\Permissions\RolePermission;
6 use BookStack\Auth\Role;
7 use BookStack\Auth\User;
8 use BookStack\Entities\Models\Book;
9 use BookStack\Entities\Models\Chapter;
10 use BookStack\Entities\Models\Page;
11 use Illuminate\Support\Facades\View;
12
13 class PublicActionTest extends TestCase
14 {
15
16     public function test_app_not_public()
17     {
18         $this->setSettings(['app-public' => 'false']);
19         $book = Book::query()->first();
20         $this->get('/books')->assertRedirect('/login');
21         $this->get($book->getUrl())->assertRedirect('/login');
22
23         $page = Page::query()->first();
24         $this->get($page->getUrl())->assertRedirect('/login');
25     }
26
27     public function test_login_link_visible()
28     {
29         $this->setSettings(['app-public' => 'true']);
30         $this->get('/')->assertElementExists('a[href="'.url('/login').'"]');
31     }
32
33     public function test_register_link_visible_when_enabled()
34     {
35         $this->setSettings(['app-public' => 'true']);
36         $home = $this->get('/');
37         $home->assertSee(url('/login'));
38         $home->assertDontSee(url('/register'));
39
40         $this->setSettings(['app-public' => 'true', 'registration-enabled' => 'true']);
41         $home = $this->get('/');
42         $home->assertSee(url('/login'));
43         $home->assertSee(url('/register'));
44     }
45
46     public function test_books_viewable()
47     {
48         $this->setSettings(['app-public' => 'true']);
49         $books = Book::query()->orderBy('name', 'asc')->take(10)->get();
50         $bookToVisit = $books[1];
51
52         // Check books index page is showing
53         $resp = $this->get('/books');
54         $resp->assertStatus(200);
55         $resp->assertSee($books[0]->name);
56
57         // Check individual book page is showing and it's child contents are visible.
58         $resp = $this->get($bookToVisit->getUrl());
59         $resp->assertSee($bookToVisit->name);
60         $resp->assertSee($bookToVisit->chapters()->first()->name);
61     }
62
63     public function test_chapters_viewable()
64     {
65         $this->setSettings(['app-public' => 'true']);
66         /** @var Chapter $chapterToVisit */
67         $chapterToVisit = Chapter::query()->first();
68         $pageToVisit = $chapterToVisit->pages()->first();
69
70         // Check chapters index page is showing
71         $resp = $this->get($chapterToVisit->getUrl());
72         $resp->assertStatus(200);
73         $resp->assertSee($chapterToVisit->name);
74         // Check individual chapter page is showing and it's child contents are visible.
75         $resp->assertSee($pageToVisit->name);
76         $resp = $this->get($pageToVisit->getUrl());
77         $resp->assertStatus(200);
78         $resp->assertSee($chapterToVisit->book->name);
79         $resp->assertSee($chapterToVisit->name);
80     }
81
82     public function test_public_page_creation()
83     {
84         $this->setSettings(['app-public' => 'true']);
85         $publicRole = Role::getSystemRole('public');
86         // Grant all permissions to public
87         $publicRole->permissions()->detach();
88         foreach (RolePermission::all() as $perm) {
89             $publicRole->attachPermission($perm);
90         }
91         $this->app[PermissionService::class]->buildJointPermissionForRole($publicRole);
92
93         /** @var Chapter $chapter */
94         $chapter = Chapter::query()->first();
95         $resp = $this->get($chapter->getUrl());
96         $resp->assertSee('New Page');
97         $resp->assertElementExists('a[href="'.$chapter->getUrl('/create-page').'"]');
98
99         $resp = $this->get($chapter->getUrl('/create-page'));
100         $resp->assertSee('Continue');
101         $resp->assertSee('Page Name');
102         $resp->assertElementExists('form[action="'.$chapter->getUrl('/create-guest-page').'"]');
103
104         $resp = $this->post($chapter->getUrl('/create-guest-page'), ['name' => 'My guest page']);
105         $resp->assertRedirect($chapter->book->getUrl('/page/my-guest-page/edit'));
106
107         $user = User::getDefault();
108         $this->assertDatabaseHas('pages', [
109             'name' => 'My guest page',
110             'chapter_id' => $chapter->id,
111             'created_by' => $user->id,
112             'updated_by' => $user->id
113         ]);
114     }
115
116     public function test_content_not_listed_on_404_for_public_users()
117     {
118         $page = Page::query()->first();
119         $page->fill(['name' => 'my testing random unique page name'])->save();
120         $this->asAdmin()->get($page->getUrl()); // Fake visit to show on recents
121         $resp = $this->get('/cats/dogs/hippos');
122         $resp->assertStatus(404);
123         $resp->assertSee($page->name);
124         View::share('pageTitle', '');
125
126         Auth::logout();
127         $resp = $this->get('/cats/dogs/hippos');
128         $resp->assertStatus(404);
129         $resp->assertDontSee($page->name);
130     }
131
132     public function test_robots_effected_by_public_status()
133     {
134         $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
135
136         $this->setSettings(['app-public' => 'true']);
137
138         $resp = $this->get('/robots.txt');
139         $resp->assertSee("User-agent: *\nDisallow:");
140         $resp->assertDontSee("Disallow: /");
141     }
142
143     public function test_robots_effected_by_setting()
144     {
145         $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
146
147         config()->set('app.allow_robots', true);
148
149         $resp = $this->get('/robots.txt');
150         $resp->assertSee("User-agent: *\nDisallow:");
151         $resp->assertDontSee("Disallow: /");
152
153         // Check config overrides app-public setting
154         config()->set('app.allow_robots', false);
155         $this->setSettings(['app-public' => 'true']);
156         $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
157     }
158
159     public function test_public_view_then_login_redirects_to_previous_content()
160     {
161         $this->setSettings(['app-public' => 'true']);
162         /** @var Book $book */
163         $book = Book::query()->first();
164         $resp = $this->get($book->getUrl());
165         $resp->assertSee($book->name);
166
167         $this->get('/login');
168         $resp = $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);
169         $resp->assertRedirect($book->getUrl());
170     }
171
172     public function test_access_hidden_content_then_login_redirects_to_intended_content()
173     {
174         $this->setSettings(['app-public' => 'true']);
175         /** @var Book $book */
176         $book = Book::query()->first();
177         $this->setEntityRestrictions($book);
178
179         $resp = $this->get($book->getUrl());
180         $resp->assertSee('Book not found');
181
182         $this->get('/login');
183         $resp = $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);
184         $resp->assertRedirect($book->getUrl());
185         $this->followRedirects($resp)->assertSee($book->name);
186     }
187 }